The following issues were found
drivers/staging/rtl8712/rtl871x_recv.c
26 issues
Line: 341
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sta_addr = pattrib->src;
}
} else if (check_fwstate(pmlmepriv, WIFI_MP_STATE)) {
memcpy(pattrib->dst, GetAddr1Ptr(ptr), ETH_ALEN);
memcpy(pattrib->src, GetAddr2Ptr(ptr), ETH_ALEN);
memcpy(pattrib->bssid, GetAddr3Ptr(ptr), ETH_ALEN);
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
sta_addr = mybssid;
Reported by FlawFinder.
Line: 342
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
} else if (check_fwstate(pmlmepriv, WIFI_MP_STATE)) {
memcpy(pattrib->dst, GetAddr1Ptr(ptr), ETH_ALEN);
memcpy(pattrib->src, GetAddr2Ptr(ptr), ETH_ALEN);
memcpy(pattrib->bssid, GetAddr3Ptr(ptr), ETH_ALEN);
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
sta_addr = mybssid;
} else {
Reported by FlawFinder.
Line: 343
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else if (check_fwstate(pmlmepriv, WIFI_MP_STATE)) {
memcpy(pattrib->dst, GetAddr1Ptr(ptr), ETH_ALEN);
memcpy(pattrib->src, GetAddr2Ptr(ptr), ETH_ALEN);
memcpy(pattrib->bssid, GetAddr3Ptr(ptr), ETH_ALEN);
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
sta_addr = mybssid;
} else {
ret = _FAIL;
Reported by FlawFinder.
Line: 344
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(pattrib->dst, GetAddr1Ptr(ptr), ETH_ALEN);
memcpy(pattrib->src, GetAddr2Ptr(ptr), ETH_ALEN);
memcpy(pattrib->bssid, GetAddr3Ptr(ptr), ETH_ALEN);
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
sta_addr = mybssid;
} else {
ret = _FAIL;
}
Reported by FlawFinder.
Line: 345
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(pattrib->src, GetAddr2Ptr(ptr), ETH_ALEN);
memcpy(pattrib->bssid, GetAddr3Ptr(ptr), ETH_ALEN);
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
sta_addr = mybssid;
} else {
ret = _FAIL;
}
if (bmcast)
Reported by FlawFinder.
Line: 408
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return _FAIL;
} else if (check_fwstate(pmlmepriv, WIFI_MP_STATE) &&
check_fwstate(pmlmepriv, _FW_LINKED)) {
memcpy(pattrib->dst, GetAddr1Ptr(ptr), ETH_ALEN);
memcpy(pattrib->src, GetAddr2Ptr(ptr), ETH_ALEN);
memcpy(pattrib->bssid, GetAddr3Ptr(ptr), ETH_ALEN);
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
memcpy(pattrib->bssid, mybssid, ETH_ALEN);
Reported by FlawFinder.
Line: 409
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else if (check_fwstate(pmlmepriv, WIFI_MP_STATE) &&
check_fwstate(pmlmepriv, _FW_LINKED)) {
memcpy(pattrib->dst, GetAddr1Ptr(ptr), ETH_ALEN);
memcpy(pattrib->src, GetAddr2Ptr(ptr), ETH_ALEN);
memcpy(pattrib->bssid, GetAddr3Ptr(ptr), ETH_ALEN);
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
memcpy(pattrib->bssid, mybssid, ETH_ALEN);
*psta = r8712_get_stainfo(pstapriv, pattrib->bssid);
Reported by FlawFinder.
Line: 410
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
check_fwstate(pmlmepriv, _FW_LINKED)) {
memcpy(pattrib->dst, GetAddr1Ptr(ptr), ETH_ALEN);
memcpy(pattrib->src, GetAddr2Ptr(ptr), ETH_ALEN);
memcpy(pattrib->bssid, GetAddr3Ptr(ptr), ETH_ALEN);
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
memcpy(pattrib->bssid, mybssid, ETH_ALEN);
*psta = r8712_get_stainfo(pstapriv, pattrib->bssid);
if (!*psta)
Reported by FlawFinder.
Line: 411
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(pattrib->dst, GetAddr1Ptr(ptr), ETH_ALEN);
memcpy(pattrib->src, GetAddr2Ptr(ptr), ETH_ALEN);
memcpy(pattrib->bssid, GetAddr3Ptr(ptr), ETH_ALEN);
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
memcpy(pattrib->bssid, mybssid, ETH_ALEN);
*psta = r8712_get_stainfo(pstapriv, pattrib->bssid);
if (!*psta)
return _FAIL;
Reported by FlawFinder.
Line: 412
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(pattrib->src, GetAddr2Ptr(ptr), ETH_ALEN);
memcpy(pattrib->bssid, GetAddr3Ptr(ptr), ETH_ALEN);
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
memcpy(pattrib->bssid, mybssid, ETH_ALEN);
*psta = r8712_get_stainfo(pstapriv, pattrib->bssid);
if (!*psta)
return _FAIL;
} else {
Reported by FlawFinder.
drivers/scsi/bfa/bfa_defs.h
26 issues
Line: 266
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct bfa_adapter_attr_s {
char manufacturer[BFA_ADAPTER_MFG_NAME_LEN];
char serial_num[BFA_ADAPTER_SERIAL_NUM_LEN];
u32 card_type;
char model[BFA_ADAPTER_MODEL_NAME_LEN];
char model_descr[BFA_ADAPTER_MODEL_DESCR_LEN];
wwn_t pwwn;
Reported by FlawFinder.
Line: 267
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct bfa_adapter_attr_s {
char manufacturer[BFA_ADAPTER_MFG_NAME_LEN];
char serial_num[BFA_ADAPTER_SERIAL_NUM_LEN];
u32 card_type;
char model[BFA_ADAPTER_MODEL_NAME_LEN];
char model_descr[BFA_ADAPTER_MODEL_DESCR_LEN];
wwn_t pwwn;
char node_symname[FC_SYMNAME_MAX];
Reported by FlawFinder.
Line: 269
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char manufacturer[BFA_ADAPTER_MFG_NAME_LEN];
char serial_num[BFA_ADAPTER_SERIAL_NUM_LEN];
u32 card_type;
char model[BFA_ADAPTER_MODEL_NAME_LEN];
char model_descr[BFA_ADAPTER_MODEL_DESCR_LEN];
wwn_t pwwn;
char node_symname[FC_SYMNAME_MAX];
char hw_ver[BFA_VERSION_LEN];
char fw_ver[BFA_VERSION_LEN];
Reported by FlawFinder.
Line: 270
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char serial_num[BFA_ADAPTER_SERIAL_NUM_LEN];
u32 card_type;
char model[BFA_ADAPTER_MODEL_NAME_LEN];
char model_descr[BFA_ADAPTER_MODEL_DESCR_LEN];
wwn_t pwwn;
char node_symname[FC_SYMNAME_MAX];
char hw_ver[BFA_VERSION_LEN];
char fw_ver[BFA_VERSION_LEN];
char optrom_ver[BFA_VERSION_LEN];
Reported by FlawFinder.
Line: 272
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char model[BFA_ADAPTER_MODEL_NAME_LEN];
char model_descr[BFA_ADAPTER_MODEL_DESCR_LEN];
wwn_t pwwn;
char node_symname[FC_SYMNAME_MAX];
char hw_ver[BFA_VERSION_LEN];
char fw_ver[BFA_VERSION_LEN];
char optrom_ver[BFA_VERSION_LEN];
char os_type[BFA_ADAPTER_OS_TYPE_LEN];
struct bfa_mfg_vpd_s vpd;
Reported by FlawFinder.
Line: 273
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char model_descr[BFA_ADAPTER_MODEL_DESCR_LEN];
wwn_t pwwn;
char node_symname[FC_SYMNAME_MAX];
char hw_ver[BFA_VERSION_LEN];
char fw_ver[BFA_VERSION_LEN];
char optrom_ver[BFA_VERSION_LEN];
char os_type[BFA_ADAPTER_OS_TYPE_LEN];
struct bfa_mfg_vpd_s vpd;
struct mac_s mac;
Reported by FlawFinder.
Line: 274
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
wwn_t pwwn;
char node_symname[FC_SYMNAME_MAX];
char hw_ver[BFA_VERSION_LEN];
char fw_ver[BFA_VERSION_LEN];
char optrom_ver[BFA_VERSION_LEN];
char os_type[BFA_ADAPTER_OS_TYPE_LEN];
struct bfa_mfg_vpd_s vpd;
struct mac_s mac;
Reported by FlawFinder.
Line: 275
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char node_symname[FC_SYMNAME_MAX];
char hw_ver[BFA_VERSION_LEN];
char fw_ver[BFA_VERSION_LEN];
char optrom_ver[BFA_VERSION_LEN];
char os_type[BFA_ADAPTER_OS_TYPE_LEN];
struct bfa_mfg_vpd_s vpd;
struct mac_s mac;
u8 nports;
Reported by FlawFinder.
Line: 276
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char hw_ver[BFA_VERSION_LEN];
char fw_ver[BFA_VERSION_LEN];
char optrom_ver[BFA_VERSION_LEN];
char os_type[BFA_ADAPTER_OS_TYPE_LEN];
struct bfa_mfg_vpd_s vpd;
struct mac_s mac;
u8 nports;
u8 max_speed;
Reported by FlawFinder.
Line: 312
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* Driver and firmware versions.
*/
struct bfa_ioc_driver_attr_s {
char driver[BFA_IOC_DRIVER_LEN]; /* driver name */
char driver_ver[BFA_VERSION_LEN]; /* driver version */
char fw_ver[BFA_VERSION_LEN]; /* firmware version */
char bios_ver[BFA_VERSION_LEN]; /* bios version */
char efi_ver[BFA_VERSION_LEN]; /* EFI version */
char ob_ver[BFA_VERSION_LEN]; /* openboot version */
Reported by FlawFinder.
drivers/staging/rtl8723bs/core/rtw_ap.c
26 issues
Line: 1522
CWE codes:
476
static void update_bcn_vendor_spec_ie(struct adapter *padapter, u8 *oui)
{
if (!memcmp(RTW_WPA_OUI, oui, 4))
update_bcn_wpa_ie(padapter);
else if (!memcmp(WMM_OUI, oui, 4))
update_bcn_wmm_ie(padapter);
Reported by Cppcheck.
Line: 1522
CWE codes:
476
static void update_bcn_vendor_spec_ie(struct adapter *padapter, u8 *oui)
{
if (!memcmp(RTW_WPA_OUI, oui, 4))
update_bcn_wpa_ie(padapter);
else if (!memcmp(WMM_OUI, oui, 4))
update_bcn_wmm_ie(padapter);
Reported by Cppcheck.
Line: 1525
CWE codes:
476
if (!memcmp(RTW_WPA_OUI, oui, 4))
update_bcn_wpa_ie(padapter);
else if (!memcmp(WMM_OUI, oui, 4))
update_bcn_wmm_ie(padapter);
else if (!memcmp(WPS_OUI, oui, 4))
update_bcn_wps_ie(padapter);
Reported by Cppcheck.
Line: 1528
CWE codes:
476
else if (!memcmp(WMM_OUI, oui, 4))
update_bcn_wmm_ie(padapter);
else if (!memcmp(WPS_OUI, oui, 4))
update_bcn_wps_ie(padapter);
else if (!memcmp(P2P_OUI, oui, 4))
update_bcn_p2p_ie(padapter);
}
Reported by Cppcheck.
Line: 1531
CWE codes:
476
else if (!memcmp(WPS_OUI, oui, 4))
update_bcn_wps_ie(padapter);
else if (!memcmp(P2P_OUI, oui, 4))
update_bcn_p2p_ie(padapter);
}
void update_beacon(struct adapter *padapter, u8 ie_id, u8 *oui, u8 tx)
{
Reported by Cppcheck.
Line: 121
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (remainder_ielen > 0) {
pbackup_remainder_ie = rtw_malloc(remainder_ielen);
if (pbackup_remainder_ie && premainder_ie)
memcpy(pbackup_remainder_ie, premainder_ie, remainder_ielen);
}
*dst_ie++ = WLAN_EID_TIM;
if ((pstapriv->tim_bitmap & 0xff00) && (pstapriv->tim_bitmap & 0x00fe))
Reported by FlawFinder.
Line: 152
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*dst_ie++ = le16_to_cpu(pvb);
} else if (tim_ielen == 5) {
memcpy(dst_ie, &tim_bitmap_le, 2);
dst_ie += 2;
}
/* copy remainder IE */
if (pbackup_remainder_ie) {
Reported by FlawFinder.
Line: 158
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* copy remainder IE */
if (pbackup_remainder_ie) {
memcpy(dst_ie, pbackup_remainder_ie, remainder_ielen);
kfree(pbackup_remainder_ie);
}
offset = (uint)(dst_ie - pie);
Reported by FlawFinder.
Line: 181
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct sta_info *psta = NULL;
struct sta_priv *pstapriv = &padapter->stapriv;
u8 chk_alive_num = 0;
char chk_alive_list[NUM_STA];
int i;
spin_lock_bh(&pstapriv->auth_list_lock);
phead = &pstapriv->auth_list;
Reported by FlawFinder.
Line: 576
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
psta->wireless_mode = pmlmeext->cur_wireless_mode;
psta->bssratelen = rtw_get_rateset_len(pnetwork->SupportedRates);
memcpy(psta->bssrateset, pnetwork->SupportedRates, psta->bssratelen);
/* HT related cap */
if (phtpriv_ap->ht_option) {
/* check if sta supports rx ampdu */
/* phtpriv_ap->ampdu_enable = phtpriv_ap->ampdu_enable; */
Reported by FlawFinder.
net/decnet/af_decnet.c
26 issues
Line: 294
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case 1:
*buf++ = 0;
*buf++ = le16_to_cpu(sdn->sdn_objnamel);
memcpy(buf, sdn->sdn_objname, le16_to_cpu(sdn->sdn_objnamel));
len = 3 + le16_to_cpu(sdn->sdn_objnamel);
break;
case 2:
memset(buf, 0, 5);
buf += 5;
Reported by FlawFinder.
Line: 301
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(buf, 0, 5);
buf += 5;
*buf++ = le16_to_cpu(sdn->sdn_objnamel);
memcpy(buf, sdn->sdn_objname, le16_to_cpu(sdn->sdn_objnamel));
len = 7 + le16_to_cpu(sdn->sdn_objnamel);
break;
}
return len;
Reported by FlawFinder.
Line: 363
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if ((len < 0) || (le16_to_cpu(sdn->sdn_objnamel) > namel))
return -1;
memcpy(sdn->sdn_objname, data, le16_to_cpu(sdn->sdn_objnamel));
return size - len;
}
struct sock *dn_sklist_find_listener(struct sockaddr_dn *addr)
Reported by FlawFinder.
Line: 512
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
scp->addr.sdn_family = AF_DECnet;
scp->peer.sdn_family = AF_DECnet;
scp->accessdata.acc_accl = 5;
memcpy(scp->accessdata.acc_acc, "LINUX", 5);
scp->max_window = NSP_MAX_WINDOW;
scp->snd_window = NSP_MIN_WINDOW;
scp->nsp_srtt = NSP_INITIAL_SRTT;
scp->nsp_rttvar = NSP_INITIAL_RTTVAR;
Reported by FlawFinder.
Line: 662
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
node = addr & 0x03ff;
area = addr >> 10;
sprintf(buf, "%hd.%hd", area, node);
return buf;
}
Reported by FlawFinder.
Line: 766
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rv = -EINVAL;
lock_sock(sk);
if (sock_flag(sk, SOCK_ZAPPED)) {
memcpy(&scp->addr, saddr, addr_len);
sock_reset_flag(sk, SOCK_ZAPPED);
rv = dn_hash_sock(sk);
if (rv)
sock_set_flag(sk, SOCK_ZAPPED);
Reported by FlawFinder.
Line: 798
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
(scp->accessdata.acc_accl <= 12)) {
scp->addr.sdn_objnamel = cpu_to_le16(scp->accessdata.acc_accl);
memcpy(scp->addr.sdn_objname, scp->accessdata.acc_acc, le16_to_cpu(scp->addr.sdn_objnamel));
scp->accessdata.acc_accl = 0;
memset(scp->accessdata.acc_acc, 0, 40);
}
/* End of compatibility stuff */
Reported by FlawFinder.
Line: 940
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out;
}
memcpy(&scp->peer, addr, sizeof(struct sockaddr_dn));
err = -EHOSTUNREACH;
memset(&fld, 0, sizeof(fld));
fld.flowidn_oif = sk->sk_bound_dev_if;
fld.daddr = dn_saddr2dn(&scp->peer);
Reported by FlawFinder.
Line: 1005
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
unsigned char *ptr = skb->data;
acc->acc_userl = *ptr++;
memcpy(&acc->acc_user, ptr, acc->acc_userl);
ptr += acc->acc_userl;
acc->acc_passl = *ptr++;
memcpy(&acc->acc_pass, ptr, acc->acc_passl);
ptr += acc->acc_passl;
Reported by FlawFinder.
Line: 1009
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ptr += acc->acc_userl;
acc->acc_passl = *ptr++;
memcpy(&acc->acc_pass, ptr, acc->acc_passl);
ptr += acc->acc_passl;
acc->acc_accl = *ptr++;
memcpy(&acc->acc_acc, ptr, acc->acc_accl);
Reported by FlawFinder.
arch/powerpc/mm/book3s64/hash_utils.c
26 issues
Line: 1263
Column: 57
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
}
#endif
void hash_failure_debug(unsigned long ea, unsigned long access,
unsigned long vsid, unsigned long trap,
int ssize, int psize, int lpsize, unsigned long pte)
{
if (!printk_ratelimit())
return;
Reported by FlawFinder.
Line: 1270
Column: 7
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (!printk_ratelimit())
return;
pr_info("mm: Hashing failure ! EA=0x%lx access=0x%lx current=%s\n",
ea, access, current->comm);
pr_info(" trap=0x%lx vsid=0x%lx ssize=%d base psize=%d psize %d pte=0x%lx\n",
trap, vsid, ssize, psize, lpsize, pte);
}
static void check_paca_psize(unsigned long ea, struct mm_struct *mm,
Reported by FlawFinder.
Line: 1299
Column: 18
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
* -2 - access not permitted by subpage protection mechanism
*/
int hash_page_mm(struct mm_struct *mm, unsigned long ea,
unsigned long access, unsigned long trap,
unsigned long flags)
{
bool is_thp;
pgd_t *pgdir;
unsigned long vsid;
Reported by FlawFinder.
Line: 1311
Column: 7
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
int psize, ssize;
DBG_LOW("hash_page(ea=%016lx, access=%lx, trap=%lx\n",
ea, access, trap);
trace_hash_fault(ea, access, trap);
/* Get region & vsid */
switch (get_region_id(ea)) {
case USER_REGION_ID:
Reported by FlawFinder.
Line: 1312
Column: 23
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
DBG_LOW("hash_page(ea=%016lx, access=%lx, trap=%lx\n",
ea, access, trap);
trace_hash_fault(ea, access, trap);
/* Get region & vsid */
switch (get_region_id(ea)) {
case USER_REGION_ID:
user_region = 1;
Reported by FlawFinder.
Line: 1396
Column: 2
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
* because we do set H_PAGE_BUSY which prevents further updates to pte
* from generic code.
*/
access |= _PAGE_PRESENT | _PAGE_PTE;
/*
* Pre-check access permissions (will be re-checked atomically
* in __hash_page_XX but this pre-check is a fast path
*/
Reported by FlawFinder.
Line: 1402
Column: 24
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
* Pre-check access permissions (will be re-checked atomically
* in __hash_page_XX but this pre-check is a fast path
*/
if (!check_pte_access(access, pte_val(*ptep))) {
DBG_LOW(" no access !\n");
rc = 1;
goto bail;
}
Reported by FlawFinder.
Line: 1410
Column: 29
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (hugeshift) {
if (is_thp)
rc = __hash_page_thp(ea, access, vsid, (pmd_t *)ptep,
trap, flags, ssize, psize);
#ifdef CONFIG_HUGETLB_PAGE
else
rc = __hash_page_huge(ea, access, vsid, ptep, trap,
flags, ssize, hugeshift, psize);
Reported by FlawFinder.
Line: 1414
Column: 30
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
trap, flags, ssize, psize);
#ifdef CONFIG_HUGETLB_PAGE
else
rc = __hash_page_huge(ea, access, vsid, ptep, trap,
flags, ssize, hugeshift, psize);
#else
else {
/*
* if we have hugeshift, and is not transhuge with
Reported by FlawFinder.
Line: 1475
Column: 28
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
#ifdef CONFIG_PPC_64K_PAGES
if (psize == MMU_PAGE_64K)
rc = __hash_page_64K(ea, access, vsid, ptep, trap,
flags, ssize);
else
#endif /* CONFIG_PPC_64K_PAGES */
{
int spp = subpage_protection(mm, ea);
Reported by FlawFinder.
drivers/scsi/qla2xxx/qla_mbx.c
26 issues
Line: 2028
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* Names are little-endian. */
memcpy(fcport->node_name, pd24->node_name, WWN_SIZE);
memcpy(fcport->port_name, pd24->port_name, WWN_SIZE);
/* Get port_id of device. */
fcport->d_id.b.domain = pd24->port_id[0];
fcport->d_id.b.area = pd24->port_id[1];
Reported by FlawFinder.
Line: 2029
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Names are little-endian. */
memcpy(fcport->node_name, pd24->node_name, WWN_SIZE);
memcpy(fcport->port_name, pd24->port_name, WWN_SIZE);
/* Get port_id of device. */
fcport->d_id.b.domain = pd24->port_id[0];
fcport->d_id.b.area = pd24->port_id[1];
fcport->d_id.b.al_pa = pd24->port_id[2];
Reported by FlawFinder.
Line: 2073
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* Names are little-endian. */
memcpy(fcport->node_name, pd->node_name, WWN_SIZE);
memcpy(fcport->port_name, pd->port_name, WWN_SIZE);
/* Get port_id of device. */
fcport->d_id.b.domain = pd->port_id[0];
fcport->d_id.b.area = pd->port_id[3];
Reported by FlawFinder.
Line: 2074
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Names are little-endian. */
memcpy(fcport->node_name, pd->node_name, WWN_SIZE);
memcpy(fcport->port_name, pd->port_name, WWN_SIZE);
/* Get port_id of device. */
fcport->d_id.b.domain = pd->port_id[0];
fcport->d_id.b.area = pd->port_id[3];
fcport->d_id.b.al_pa = pd->port_id[2];
Reported by FlawFinder.
Line: 3082
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pmap, pmap[0] + 1);
if (pos_map)
memcpy(pos_map, pmap, FCAL_MAP_SIZE);
}
dma_pool_free(ha->s_dma_pool, pmap, pmap_dma);
if (rval != QLA_SUCCESS) {
ql_dbg(ql_dbg_mbx, vha, 0x1082, "Failed=%x.\n", rval);
Reported by FlawFinder.
Line: 3806
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
"Done %s.\n", __func__);
if (mb)
memcpy(mb, mcp->mb, 8 * sizeof(*mb));
if (dwords)
*dwords = buffers;
}
return rval;
Reported by FlawFinder.
Line: 4089
Column: 6
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ha->flags.fawwpn_enabled &&
(rptid_entry->u.f1.flags &
BIT_6)) {
memcpy(vha->port_name,
rptid_entry->u.f1.port_name,
WWN_SIZE);
}
qlt_update_host_map(vha, id);
Reported by FlawFinder.
Line: 4222
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
qlt_modify_vp_config(vha, vpmod);
memcpy(vpmod->node_name_idx1, vha->node_name, WWN_SIZE);
memcpy(vpmod->port_name_idx1, vha->port_name, WWN_SIZE);
vpmod->entry_count = 1;
rval = qla2x00_issue_iocb(base_vha, vpmod, vpmod_dma, 0);
if (rval != QLA_SUCCESS) {
Reported by FlawFinder.
Line: 4223
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
qlt_modify_vp_config(vha, vpmod);
memcpy(vpmod->node_name_idx1, vha->node_name, WWN_SIZE);
memcpy(vpmod->port_name_idx1, vha->port_name, WWN_SIZE);
vpmod->entry_count = 1;
rval = qla2x00_issue_iocb(base_vha, vpmod, vpmod_dma, 0);
if (rval != QLA_SUCCESS) {
ql_dbg(ql_dbg_mbx, vha, 0x10bd,
Reported by FlawFinder.
Line: 4610
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
"Entered %s.\n", __func__);
mcp->mb[0] = MBC_IDC_ACK;
memcpy(&mcp->mb[1], mb, QLA_IDC_ACK_REGS * sizeof(uint16_t));
mcp->out_mb = MBX_7|MBX_6|MBX_5|MBX_4|MBX_3|MBX_2|MBX_1|MBX_0;
mcp->in_mb = MBX_0;
mcp->tov = MBX_TOV_SECONDS;
mcp->flags = 0;
rval = qla2x00_mailbox_command(vha, mcp);
Reported by FlawFinder.
drivers/atm/iphase.c
25 issues
Line: 987
Column: 17
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
u_char* pBuf = prntBuf;
count = 0;
while(count < length){
pBuf += sprintf( pBuf, "%s", prefix );
for(col = 0;count + col < length && col < 16; col++){
if (col != 0 && (col % 4) == 0)
pBuf += sprintf( pBuf, " " );
pBuf += sprintf( pBuf, "%02X ", cp[count + col] );
}
Reported by FlawFinder.
Line: 536
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
TstSchedTbl = (u16*)(SchedTbl+testSlot); //set index and read in value
IF_CBR(printk("CBR Testslot 0x%x AT Location 0x%p, NumToAssign=%d\n",
testSlot, TstSchedTbl,toBeAssigned);)
memcpy((caddr_t)&cbrVC,(caddr_t)TstSchedTbl,sizeof(cbrVC));
while (cbrVC) // If another VC at this location, we have to keep looking
{
inc++;
testSlot = idealSlot - inc;
if (testSlot < 0) { // Wrap if necessary
Reported by FlawFinder.
Line: 547
Column: 11
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
SchedTbl,testSlot);)
}
TstSchedTbl = (u16 *)(SchedTbl + testSlot); // set table index
memcpy((caddr_t)&cbrVC,(caddr_t)TstSchedTbl,sizeof(cbrVC));
if (!cbrVC)
break;
testSlot = idealSlot + inc;
if (testSlot >= (int)dev->CbrTotEntries) { // Wrap if necessary
testSlot -= dev->CbrTotEntries;
Reported by FlawFinder.
Line: 561
Column: 11
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
TstSchedTbl = (u16*)(SchedTbl + testSlot);
IF_CBR(printk("Reading CBR Tbl from 0x%p, CbrVal=0x%x Iteration %d\n",
TstSchedTbl,cbrVC,inc);)
memcpy((caddr_t)&cbrVC,(caddr_t)TstSchedTbl,sizeof(cbrVC));
} /* while */
// Move this VCI number into this location of the CBR Sched table.
memcpy((caddr_t)TstSchedTbl, (caddr_t)&vcIndex, sizeof(*TstSchedTbl));
dev->CbrRemEntries--;
toBeAssigned--;
Reported by FlawFinder.
Line: 564
Column: 8
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy((caddr_t)&cbrVC,(caddr_t)TstSchedTbl,sizeof(cbrVC));
} /* while */
// Move this VCI number into this location of the CBR Sched table.
memcpy((caddr_t)TstSchedTbl, (caddr_t)&vcIndex, sizeof(*TstSchedTbl));
dev->CbrRemEntries--;
toBeAssigned--;
} /* while */
/* IaFFrednCbrEnable */
Reported by FlawFinder.
Line: 991
Column: 21
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for(col = 0;count + col < length && col < 16; col++){
if (col != 0 && (col % 4) == 0)
pBuf += sprintf( pBuf, " " );
pBuf += sprintf( pBuf, "%02X ", cp[count + col] );
}
while(col++ < 16){ /* pad end of buffer with blanks */
if ((col % 4) == 0)
sprintf( pBuf, " " );
pBuf += sprintf( pBuf, " " );
Reported by FlawFinder.
Line: 996
Column: 21
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
while(col++ < 16){ /* pad end of buffer with blanks */
if ((col % 4) == 0)
sprintf( pBuf, " " );
pBuf += sprintf( pBuf, " " );
}
pBuf += sprintf( pBuf, " " );
for(col = 0;count + col < length && col < 16; col++){
u_char c = cp[count + col];
Reported by FlawFinder.
Line: 998
Column: 17
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
sprintf( pBuf, " " );
pBuf += sprintf( pBuf, " " );
}
pBuf += sprintf( pBuf, " " );
for(col = 0;count + col < length && col < 16; col++){
u_char c = cp[count + col];
if (isascii(c) && isprint(c))
pBuf += sprintf(pBuf, "%c", c);
Reported by FlawFinder.
Line: 1003
Column: 12
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
u_char c = cp[count + col];
if (isascii(c) && isprint(c))
pBuf += sprintf(pBuf, "%c", c);
else
pBuf += sprintf(pBuf, ".");
}
printk("%s\n", prntBuf);
count += col;
Reported by FlawFinder.
Line: 3107
Column: 12
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
IADEV *iadev = INPH_IA_DEV(dev);
if(!left--) {
if (iadev->phy_type == FE_25MBIT_PHY) {
n = sprintf(page, " Board Type : Iphase5525-1KVC-128K\n");
return n;
}
if (iadev->phy_type == FE_DS3_PHY)
n = sprintf(page, " Board Type : Iphase-ATM-DS3");
else if (iadev->phy_type == FE_E3_PHY)
Reported by FlawFinder.
drivers/nvdimm/namespace_devs.c
25 issues
Line: 176
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
if (nsidx)
sprintf(name, "pmem%d.%d%s", nd_region->id, nsidx,
suffix ? suffix : "");
else
sprintf(name, "pmem%d%s", nd_region->id,
suffix ? suffix : "");
} else if (is_namespace_blk(&ndns->dev)) {
Reported by FlawFinder.
Line: 179
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
sprintf(name, "pmem%d.%d%s", nd_region->id, nsidx,
suffix ? suffix : "");
else
sprintf(name, "pmem%d%s", nd_region->id,
suffix ? suffix : "");
} else if (is_namespace_blk(&ndns->dev)) {
struct nd_namespace_blk *nsblk;
nsblk = to_nd_namespace_blk(&ndns->dev);
Reported by FlawFinder.
Line: 185
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct nd_namespace_blk *nsblk;
nsblk = to_nd_namespace_blk(&ndns->dev);
sprintf(name, "ndblk%d.%d%s", nd_region->id, nsblk->id,
suffix ? suffix : "");
} else {
return NULL;
}
Reported by FlawFinder.
Line: 261
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
kfree(*ns_altname);
*ns_altname = alt_name;
sprintf(*ns_altname, "%s", pos);
rc = len;
out:
kfree(input);
return rc;
Reported by FlawFinder.
Line: 417
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
} else
return -ENXIO;
return sprintf(buf, "%s\n", ns_altname ? ns_altname : "");
}
static DEVICE_ATTR_RW(alt_name);
static int scan_free(struct nd_region *nd_region,
struct nd_mapping *nd_mapping, struct nd_label_id *label_id,
Reported by FlawFinder.
Line: 1227
Column: 5
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for_each_dpa_resource(ndd, res)
if (strcmp(res->name, old_label_id.id) == 0)
sprintf((void *) res->name, "%s",
new_label_id.id);
mutex_lock(&nd_mapping->lock);
list_for_each_entry(label_ent, &nd_mapping->labels, list) {
struct nd_namespace_label *nd_label = label_ent->label;
Reported by FlawFinder.
Line: 1486
Column: 7
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ssize_t rc;
nd_device_lock(dev);
rc = sprintf(buf, "%s\n", ndns->claim ? dev_name(ndns->claim) : "");
nd_device_unlock(dev);
return rc;
}
static DEVICE_ATTR_RO(holder);
Reported by FlawFinder.
Line: 1581
Column: 7
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
mode = "memory";
else
mode = "raw";
rc = sprintf(buf, "%s\n", mode);
nd_device_unlock(dev);
return rc;
}
static DEVICE_ATTR_RO(mode);
Reported by FlawFinder.
Line: 220
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct nd_region *nd_region = to_nd_region(dev->parent);
return sprintf(buf, "%d\n", nd_region_to_nstype(nd_region));
}
static DEVICE_ATTR_RO(nstype);
static ssize_t __alt_name_store(struct device *dev, const char *buf,
const size_t len)
Reported by FlawFinder.
Line: 792
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
return 0;
memset(&label_id, 0, sizeof(label_id));
strcat(label_id.id, "pmem-reserve");
for (i = 0; i < nd_region->ndr_mappings; i++) {
struct nd_mapping *nd_mapping = &nd_region->mapping[i];
resource_size_t n, rem = 0;
if (nd_mapping->nvdimm != nvdimm)
Reported by FlawFinder.
drivers/misc/habanalabs/goya/goya.c
25 issues
Line: 4539
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
case GOYA_ASYNC_EVENT_ID_TPC6_ECC:
case GOYA_ASYNC_EVENT_ID_TPC7_ECC:
index = (event_type - GOYA_ASYNC_EVENT_ID_TPC0_ECC) / 3;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
case GOYA_ASYNC_EVENT_ID_SRAM0 ... GOYA_ASYNC_EVENT_ID_SRAM29:
index = event_type - GOYA_ASYNC_EVENT_ID_SRAM0;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
Reported by FlawFinder.
Line: 4543
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
break;
case GOYA_ASYNC_EVENT_ID_SRAM0 ... GOYA_ASYNC_EVENT_ID_SRAM29:
index = event_type - GOYA_ASYNC_EVENT_ID_SRAM0;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
case GOYA_ASYNC_EVENT_ID_PLL0 ... GOYA_ASYNC_EVENT_ID_PLL6:
index = event_type - GOYA_ASYNC_EVENT_ID_PLL0;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
Reported by FlawFinder.
Line: 4547
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
break;
case GOYA_ASYNC_EVENT_ID_PLL0 ... GOYA_ASYNC_EVENT_ID_PLL6:
index = event_type - GOYA_ASYNC_EVENT_ID_PLL0;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
case GOYA_ASYNC_EVENT_ID_TPC0_DEC:
case GOYA_ASYNC_EVENT_ID_TPC1_DEC:
case GOYA_ASYNC_EVENT_ID_TPC2_DEC:
case GOYA_ASYNC_EVENT_ID_TPC3_DEC:
Reported by FlawFinder.
Line: 4558
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
case GOYA_ASYNC_EVENT_ID_TPC6_DEC:
case GOYA_ASYNC_EVENT_ID_TPC7_DEC:
index = (event_type - GOYA_ASYNC_EVENT_ID_TPC0_DEC) / 3;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
case GOYA_ASYNC_EVENT_ID_TPC0_KRN_ERR:
case GOYA_ASYNC_EVENT_ID_TPC1_KRN_ERR:
case GOYA_ASYNC_EVENT_ID_TPC2_KRN_ERR:
case GOYA_ASYNC_EVENT_ID_TPC3_KRN_ERR:
Reported by FlawFinder.
Line: 4569
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
case GOYA_ASYNC_EVENT_ID_TPC6_KRN_ERR:
case GOYA_ASYNC_EVENT_ID_TPC7_KRN_ERR:
index = (event_type - GOYA_ASYNC_EVENT_ID_TPC0_KRN_ERR) / 10;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
case GOYA_ASYNC_EVENT_ID_TPC0_CMDQ ... GOYA_ASYNC_EVENT_ID_TPC7_CMDQ:
index = event_type - GOYA_ASYNC_EVENT_ID_TPC0_CMDQ;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
Reported by FlawFinder.
Line: 4573
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
break;
case GOYA_ASYNC_EVENT_ID_TPC0_CMDQ ... GOYA_ASYNC_EVENT_ID_TPC7_CMDQ:
index = event_type - GOYA_ASYNC_EVENT_ID_TPC0_CMDQ;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
case GOYA_ASYNC_EVENT_ID_TPC0_QM ... GOYA_ASYNC_EVENT_ID_TPC7_QM:
index = event_type - GOYA_ASYNC_EVENT_ID_TPC0_QM;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
Reported by FlawFinder.
Line: 4577
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
break;
case GOYA_ASYNC_EVENT_ID_TPC0_QM ... GOYA_ASYNC_EVENT_ID_TPC7_QM:
index = event_type - GOYA_ASYNC_EVENT_ID_TPC0_QM;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
case GOYA_ASYNC_EVENT_ID_DMA0_QM ... GOYA_ASYNC_EVENT_ID_DMA4_QM:
index = event_type - GOYA_ASYNC_EVENT_ID_DMA0_QM;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
Reported by FlawFinder.
Line: 4581
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
break;
case GOYA_ASYNC_EVENT_ID_DMA0_QM ... GOYA_ASYNC_EVENT_ID_DMA4_QM:
index = event_type - GOYA_ASYNC_EVENT_ID_DMA0_QM;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
case GOYA_ASYNC_EVENT_ID_DMA0_CH ... GOYA_ASYNC_EVENT_ID_DMA4_CH:
index = event_type - GOYA_ASYNC_EVENT_ID_DMA0_CH;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
Reported by FlawFinder.
Line: 4585
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
break;
case GOYA_ASYNC_EVENT_ID_DMA0_CH ... GOYA_ASYNC_EVENT_ID_DMA4_CH:
index = event_type - GOYA_ASYNC_EVENT_ID_DMA0_CH;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
case GOYA_ASYNC_EVENT_ID_TPC0_BMON_SPMU:
case GOYA_ASYNC_EVENT_ID_TPC1_BMON_SPMU:
case GOYA_ASYNC_EVENT_ID_TPC2_BMON_SPMU:
case GOYA_ASYNC_EVENT_ID_TPC3_BMON_SPMU:
Reported by FlawFinder.
Line: 4596
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
case GOYA_ASYNC_EVENT_ID_TPC6_BMON_SPMU:
case GOYA_ASYNC_EVENT_ID_TPC7_BMON_SPMU:
index = (event_type - GOYA_ASYNC_EVENT_ID_TPC0_BMON_SPMU) / 10;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
case GOYA_ASYNC_EVENT_ID_DMA_BM_CH0 ... GOYA_ASYNC_EVENT_ID_DMA_BM_CH4:
index = event_type - GOYA_ASYNC_EVENT_ID_DMA_BM_CH0;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
Reported by FlawFinder.
tools/power/x86/intel-speed-select/isst-display.c
25 issues
Line: 88
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char *value)
{
char *spaces = " ";
static char delimiters[256];
int i, j = 0;
if (!level)
return;
Reported by FlawFinder.
Line: 115
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void format_and_print(FILE *outf, int level, char *header, char *value)
{
char *spaces = " ";
static char delimiters[256];
int i;
if (!out_format_is_json()) {
format_and_print_txt(outf, level, header, value);
return;
Reported by FlawFinder.
Line: 171
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int print_package_info(int cpu, FILE *outf)
{
char header[256];
if (out_format_is_json()) {
snprintf(header, sizeof(header), "package-%d:die-%d:cpu-%d",
get_physical_package_id(cpu), get_physical_die_id(cpu),
cpu);
Reported by FlawFinder.
Line: 195
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct isst_pbf_info *pbf_info,
int disp_level)
{
char header[256];
char value[512];
snprintf(header, sizeof(header), "speed-select-base-freq-properties");
format_and_print(outf, disp_level, header, NULL);
Reported by FlawFinder.
Line: 196
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int disp_level)
{
char header[256];
char value[512];
snprintf(header, sizeof(header), "speed-select-base-freq-properties");
format_and_print(outf, disp_level, header, NULL);
snprintf(header, sizeof(header), "high-priority-base-frequency(MHz)");
Reported by FlawFinder.
Line: 240
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int base_level)
{
struct isst_fact_bucket_info *bucket_info = fact_info->bucket_info;
char header[256];
char value[256];
int print = 0, j;
for (j = 0; j < ISST_FACT_MAX_BUCKETS; ++j) {
if (fact_bucket != 0xff && fact_bucket != j)
Reported by FlawFinder.
Line: 241
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct isst_fact_bucket_info *bucket_info = fact_info->bucket_info;
char header[256];
char value[256];
int print = 0, j;
for (j = 0; j < ISST_FACT_MAX_BUCKETS; ++j) {
if (fact_bucket != 0xff && fact_bucket != j)
continue;
Reported by FlawFinder.
Line: 325
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void isst_ctdp_display_core_info(int cpu, FILE *outf, char *prefix,
unsigned int val, char *str0, char *str1)
{
char header[256];
char value[256];
int level = 1;
if (out_format_is_json()) {
snprintf(header, sizeof(header), "package-%d:die-%d:cpu-%d",
Reported by FlawFinder.
Line: 326
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int val, char *str0, char *str1)
{
char header[256];
char value[256];
int level = 1;
if (out_format_is_json()) {
snprintf(header, sizeof(header), "package-%d:die-%d:cpu-%d",
get_physical_package_id(cpu), get_physical_die_id(cpu),
Reported by FlawFinder.
Line: 359
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void isst_ctdp_display_information(int cpu, FILE *outf, int tdp_level,
struct isst_pkg_ctdp *pkg_dev)
{
char header[256];
char value[512];
static int level;
int i;
if (pkg_dev->processed)
Reported by FlawFinder.